Unfortunately, folks often don’t have time to look beyond their own work, and miss some basics on securing their buckets.

When security vendor Threat Stack conducted a survey of 200 AWS users in early 2017, we weren’t surprised at their findings: 73% left SSH open to the public and 62% weren’t using two-factor authentication to secure access to their data.

AWS took a proactive step by scanning their customers’ AWS S3 buckets and sending warnings to individuals whose data was publicly available.

“By default, S3 bucket ACLs [access control lists] allow only the account owner to read contents from the bucket; however, these ACLs can be configured to permit world access.

While there are reasons to configure buckets with world read access, including public websites or publicly downloadable content, recently there have been public disclosures by third parties of S3 bucket contents that were inadvertently configured to allow world read access but were not intended to be publicly available.

We encourage you to promptly review your S3 buckets and their contents to ensure that you are not inadvertently making objects available to users that you don’t intend.”

By all means use AWS or any other cloud service, but make sure you are sharing your data as you intended. And if you don’t know how to configure your buckets securely, head to the Amazon partner network for advice.